﻿--[[
Rule name: ImageMagick vulnerability
Filtering stage: Request phase
Threat level: Critical
Rule description: ImageMagick is a powerful open-source image-processing suite; the vulnerability targeted by this rule lets a crafted image file execute arbitrary commands and read or write files
--]]


-- Alias of the engine's regex matcher, looked up once when the rule runs.
local rgx = waf.rgxMatch

-- Matcher for a single value taken from the uploaded-file data.
--
-- Flags the value when it contains either of two markers:
--   * `push graphic-context` : the text that opens an MVG drawing script
--   * `<image`               : an SVG/XML image element
-- NOTE(review): the "joi" options look like ngx.re-style flags (JIT, compile
-- once, case-insensitive); confirm against waf.rgxMatch.
--
-- Caveats for operators:
--   * This is a content signature, not a format check. Any SVG that contains
--     an <image> element matches, so sites that accept SVG uploads should
--     expect false positives.
--   * Only these two markers are inspected. The rule is a front-line filter
--     and does not replace patching ImageMagick and restricting risky coders
--     in its policy.xml.
--
-- @param v  value to inspect (presumably a string of file content; verify
--           against waf.knFilter)
-- @return   the matcher's result and `v` on a hit, otherwise `false`
local function imgContentMatch(v)
    local hit = rgx(v, "\\bpush\\s+graphic-context\\b|\\<\\s*image\\b", "joi")
    if not hit then
        return false
    end
    return hit, v
end

-- Rule entry point. Without parsed form data there is nothing to inspect, so
-- the rule reports no match.
if not waf.form then
    return false
end

-- Hand the FILES entry of the form to the engine's filter helper, which calls
-- imgContentMatch on the values it walks.
-- NOTE(review): the meaning of the trailing `0` argument and of the third
-- return value `true` is defined by the WAF engine and is not visible here;
-- confirm before changing either. `true` is returned even when nothing
-- matched (matched is then falsy).
local matched, detail = waf.knFilter(waf.form.FILES, imgContentMatch, 0)
return matched, detail, true